Tag Archives: Breach cost

Security Practices

Ponemon 2015 Cost Of Data Breach Study

Leave a comment

Larry Ponemon surveys companies every year to see how cost of dealing with breaches is trending.  This year shows, among other things, that it costs companies an average of $217 per record breached.  That means, on average, a small breach of say 10,000 records still costs $2 million.  If you assume his numbers are high, half of that is still $1 million.  Absent insurance, that is a large check to write.

Statistics from the report (see here, registration may be required) include:

  • Cost per record breached has been around $210 +/- 5% since 2008.  While it is good that the cost per record is not going up, total records last year were over 1 billion, so that is still a large check for people to write.
  • Average total organizational cost is also basically flat since 2008 – in the $5 mil to $7 mil range per breach.  This number is trending up a little bit over the last 4 years (up $1 mil from 2012, but down from the very highest year, 2011, which was $7.24 mil).
  • Cost per record does vary by industry.  Healthcare was the highest at $398 per record; public sector the lowest at $73 (the public sector is likely the lowest because you cannot sue city hall – at least not successfully).  Other sectors were in the middle – financial at $259, services at $219,  industrial at $190 and retail at $189, for example.
  • 49% were caused by a malicious attack and 32% were caused by system or business process failures.  The rest were attributed to human error (19%).
  • Factors that influence the average cost per breached record include having an incident response team – $23.8 less, using encryption throughout – $19 less and board involvement – $9.8 less.  On the other hand, lost and stolen devices adds $12 and if third parties are involved it adds $29.
  • Churn (loss of customers) has a very big effect on average total cost.  For companies with less than 1% churn, the average total cost is $5.5 mil, for companies with more than 4% churn, the average cost is $12.7 million – more than double.

The report has many other statistics, these are just a few of the highlights.  Please click on the link above to see the report.